The second time, a hacker had sent malicious emails to my InfoWorld address in an attempt to take over my computer. I usually investigate these infrequent occurrences if only to see whether the attack is unique or unusual. In this particular case, the hacker had sent me a GIF file, which took advantage of a brand-new zero-day exploit that buffer-overflowed a Microsoft Windows graphics handling file and gave the attacker full control of my system.
I was getting ready to head on vacation, after a few hours of sleep, and was in such a hurry that I didn't take the time to open the email in a virtual environment, like I normally would with an email I knew to be malicious. I also couldn't believe that the attached GIF file could buffer-overflow my system. Many hackers have claimed the ability to do this for nearly two decades, but up until that email, it had never been accomplished in the wild. I was overly confident, perhaps a little cocky, that this malicious graphics file would be like the rest -- harmless.
I was wrong. Immediately upon executing it, I could see it implant a backdoor Trojan and dial home. It took me by surprise. After hitting myself in the head a few times for executing a known malicious file on my personal computer, I disconnected from the Internet and immediately began defanging the newly dropped Trojan.
Within a few hours, I had successfully tracked and documented the new vulnerability. I sent a copy off to Microsoft and a few of my antivirus friends for more analysis and response. I lost any chance of getting any sleep before my vacation, and I remember driving way more tired than I should have.
The incident didn't end there. I contacted the originator of the email and gave him some ill-achieved props. I had noticed he was bragging about his exploit on an IRC hacker channel and spreading his creation to dozens of websites. I told him that Microsoft was working on a fix and all the AV companies were releasing signatures. Needless to say, he wasn't happy.
He then tried to hack my personal computer network, having acquired the IP address from his initial backdoor Trojan. He launched every malicious attack anyone could think of at the time, including DDoS attacks. When he couldn't break into my network, he began attacking people and companies I did business with, using my IP address. For example, the hacker was successful in getting Apple to ban my IP address from connecting to its networks, preventing me from picking up new music from iTunes. No amount of emails with Apple would fix the problem, and eventually I was forced to get another IP address from my ISP.
I investigated the hacker, reading emails he had posted in a few hacker forums and on legitimate websites. What I found was that he was an overly zealous high school kid in the Midwest who thought he was a better hacker than he really was. Even "his" zero day was created by someone else. He just passed it along and claimed credit.
After a few more weeks of computer attacks, I sent him an email asking him to stop. He was surprised I had his email address. I responded with his real name, high school, and mailing address. I politely asked that he stop hacking me. He responded by launching even more attacks and attacking more companies using my new IP address. He was getting annoying. It was time to turn the tables.
I figured out what firewall he used to protect himself. I remembered having seen that it had recently had a remote buffer overflow announced in a public forum. This next step probably isn't legal, but I used the buffer overflow to break into his computer. I created a batch file with commands that would format his hard drive the next time he rebooted, except I remarked out (REM'd) the lines so they would not take affect. I then sent him an email and told him of this "kill" batch file that I had placed on his local hard drive.